Customer Support System

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-70141 CRITICAL POC Act Now

Incorrect access control in SourceCodester Customer Support System 1.0 allows unauthenticated access to AJAX dispatcher, enabling full system compromise. PoC available.

PHP Customer Support System
NVD
CVSS 3.1
9.4
EPSS
0.4%
CVE-2025-40729 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

PHP RCE XSS Customer Support System
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-40728 HIGH This Week

A SQL injection vulnerability in Customer Support System (CVSS 8.8) that allows an authenticated attacker. High severity vulnerability requiring prompt remediation.

PHP SQLi Information Disclosure Customer Support System
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-70141
EPSS 0% CVSS 9.4
CRITICAL POC Act Now

Incorrect access control in SourceCodester Customer Support System 1.0 allows unauthenticated access to AJAX dispatcher, enabling full system compromise. PoC available.

PHP Customer Support System
NVD
CVE-2025-40729
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

PHP RCE XSS +1
NVD
CVE-2025-40728
EPSS 0% CVSS 8.8
HIGH This Week

A SQL injection vulnerability in Customer Support System (CVSS 8.8) that allows an authenticated attacker. High severity vulnerability requiring prompt remediation.

PHP SQLi Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy